Solution auth base #1

Closed
wants to merge 2 commits into from
34 changes: 27 additions & 7 deletions index.js
@@ -1,8 +1,9 @@
import cors from "cors";
import express from "express";
import { auth } from "express-oauth2-jwt-bearer";

import db from "./db/models/index.cjs";
const { Listing } = db;
const { Listing, User } = db;

const PORT = 3000;
const app = express();
Expand All @@ -13,15 +14,27 @@ app.use(cors());
// Enable reading JSON request bodies
app.use(express.json());

// Authorization middleware. When used, the Access Token must
// exist and be verified against the Auth0 JSON Web Key Set.
const checkJwt = auth({
audience: "https://carousell/api",
issuerBaseURL: `https://dev-9o--f19k.us.auth0.com/`,
});

// Retrieve all listings. No authentication required.
app.get("/listings", async (req, res) => {
const listings = await Listing.findAll();
res.json(listings);
});

// Create listing. Requires authentication.
app.post("/listings", async (req, res) => {
// TODO: Get seller email from auth, query Users table for seller ID
app.post("/listings", checkJwt, async (req, res) => {
// Retrieve seller from DB via seller email from auth
const [seller] = await User.findOrCreate({
where: {
email: req.body.sellerEmail,
},
});

// Create new listing
const newListing = await Listing.create({
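Review bot: In the POST /listings handler the seller is looked up from `req.body.sellerEmail`, which the client controls, so `checkJwt` only proves the caller holds a valid token, not that the caller owns that email. Any authenticated caller can create a listing attributed to another user's address, and `findOrCreate` will insert a User row for whatever email is sent. The comment already says "via seller email from auth", so take the identity from the verified token instead (express-oauth2-jwt-bearer exposes the validated claims on `req.auth.payload`) and stop reading `sellerEmail` from the body. Separately, `audience` and `issuerBaseURL` are hard-coded in the `auth()` call; reading them from environment configuration keeps the tenant out of source, and the issuer string does not need a template literal.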
Expand All @@ -32,7 +45,7 @@ app.post("/listings", async (req, res) => {
description: req.body.description,
shippingDetails: req.body.shippingDetails,
BuyerId: null,
SellerId: 1, // TODO: Replace with seller ID of authenticated seller
SellerId: seller.id,
});

// Respond with new listing
Expand All @@ -46,11 +59,18 @@ app.get("/listings/:listingId", async (req, res) => {
});

// Buy specific listing. Requires authentication.
app.put("/listings/:listingId/buy", async (req, res) => {
app.put("/listings/:listingId/buy", checkJwt, async (req, res) => {
const listing = await Listing.findByPk(req.params.listingId);

// TODO: Get buyer email from auth, query Users table for buyer ID
await listing.update({ BuyerId: 1 }); // TODO: Replace with buyer ID of authenticated buyer
// Retrieve seller from DB via seller email from auth
const [buyer] = await User.findOrCreate({
where: {
email: req.body.buyerEmail,
},
});

// Update listing to reference buyer's user ID
await listing.update({ BuyerId: buyer.id });

// Respond to acknowledge update
res.json(listing);
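Review bot: In the PUT /listings/:listingId/buy handler the buyer is taken from `req.body.buyerEmail` rather than from the verified token, so any authenticated caller can record a purchase under someone else's email; derive the buyer from the token claims the same way as for the seller. `listing` from `Listing.findByPk(req.params.listingId)` is also used without a null check, so an unknown listing ID throws at `listing.update(...)` instead of returning a 404. Nothing in the visible lines checks whether `BuyerId` is already set, so a second call overwrites the existing buyer. The comment "Retrieve seller from DB via seller email from auth" was copied from the create handler and should refer to the buyer.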
33 changes: 33 additions & 0 deletions package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions package.json
Expand Up @@ -8,6 +8,7 @@
"dependencies": {
"cors": "^2.8.5",
"express": "^4.18.1",
"express-oauth2-jwt-bearer": "^1.1.0",
"pg": "^8.7.3",
"sequelize": "^6.20.1"
},